how much your AI agent can do before a human has to say yes — classified from “approves every click” to “we find out what it did on Monday.”
A classification of how independently an agent can act. Ranges from A1 (suggests only; a human executes) through A4 (acts independently; human review by exception only). The autonomy level determines the stringency of required controls. Declared in ART-05.
Why It Matters
Autonomy level is the single most important variable in agent governance. It determines everything else: the required controls, the testing regime, the monitoring intensity, the human oversight pattern, and the blast radius if something goes wrong. An A1 agent that only suggests — a human executes every action — is a suggestion engine. An A4 agent acting independently within declared scope is a digital worker with production access.
The problem is not that organisations deploy autonomous agents. The problem is that they deploy autonomous agents while believing they are supervised. The declared autonomy level in the ART-05 says A2 (“acts with approval per step”). The operational reality is A4: no human has reviewed an agent action in weeks. The gap between declared and actual autonomy is where governance collapses.
This matters at the board level because autonomy level is directly tied to risk appetite. A board that approves “supervised AI” has approved a fundamentally different risk profile than “autonomous AI.” If the agent is actually autonomous but declared as supervised, the board’s risk approval is based on false premises. That is not a technical problem. That is a fiduciary problem.
The Stress Test
Your compliance team audits the AI agents across your organisation. They request the ART-05 declarations. Every declaration says A2: acts with approval per step. The auditors then ask: “For each agent, name the human who approves its actions, how frequently they review, and when the last approval occurred.”
For 60% of the agents, the named reviewer has changed roles. For 25%, the review frequency was “daily” but the last review was three months ago. For 15%, there is no log of any human approval ever occurring. The agents have been operating at A4 autonomy with A2 controls. Your governance framework is compliant on paper. Your agents are ungoverned in practice.
In the Wild
In March 2018, an Uber autonomous test vehicle struck and killed a pedestrian in Tempe, Arizona. The vehicle’s automated driving system detected the pedestrian 5.6 seconds before impact but classified the object inconsistently — as a vehicle, then “other,” then a bicycle. The safety driver, whose role was to monitor the system and intervene when necessary, was watching a video on her phone. The NTSB investigation found that Uber had disabled the vehicle’s emergency braking system, relying entirely on the human safety driver for intervention.
The system’s declared autonomy level required human supervision. The operational reality was that the human was not supervising. The gap between declared and actual oversight was fatal.
Declaring “human-on-the-loop” does not make it true. You have to verify the human is actually on the loop. Continuously.
Epic Systems’ sepsis prediction model was deployed across hundreds of hospitals as a clinical decision support tool — declared as A1 (the system suggests; a clinician decides every action). A University of Michigan study found that in practice, clinicians overrode or ignored the alerts in the vast majority of cases. Alert fatigue transformed the system from A1 (a human reviews every recommendation) to something below the bottom of the ladder: system output that is simply ignored. The model’s actual clinical impact was negligible — not because it was wrong, but because the declared human oversight pattern had collapsed under operational reality.
An A1 system that nobody listens to is not A1. It is not any level. It is decoration.
A mid-tier asset management firm deployed an AI-assisted trading system at A2: the system would propose trades and a human trader would approve each one before execution. Within 90 days, the approval rate had reached 99.7%. The human was approving every trade within seconds. The firm’s risk committee discovered the pattern during a quarterly review and found that the system had effectively been operating autonomously for two months. The trader later admitted that the approvals had become “clicking accept while eating lunch.”
Autonomy levels drift. A2 today becomes A4 tomorrow if nobody monitors whether the human is actually deciding or just clicking.
How to Govern It
Declare the autonomy level. Then verify it is actually operating at that level. Continuously.
Within the AI Control Index, autonomy level governance spans multiple layers and shields:
- Applications & Agents (L4) — Every agent declares its autonomy level in ART-05. The level determines the required controls: A1 requires read-only tool permissions and output logging; A2 requires an approval audit trail; A4 requires circuit breakers, default-deny tool access, and adversarial testing.
- Strategy (L1) — Risk appetite declaration per autonomy level. The board approves the maximum autonomy level permitted for each domain (customer-facing, financial, safety-critical). No agent operates above the declared risk appetite without board-level exception approval.
- Observability (S4) — Monitoring that verifies the actual autonomy level matches the declared level. If the ART-05 says A2 (acts with approval per step), the monitoring must verify that a human is actually approving actions at the declared frequency.
- GRC (S1) — Periodic audits comparing declared autonomy levels against operational reality. Evidence Factory captures review logs, approval rates, and intervention frequency as governance artifacts. An approval rate of 99.7% on an A2 system is an audit finding, not a success metric.
- Security (S2) — Controls that scale with autonomy. Higher autonomy levels trigger stricter tool-call restrictions, more granular logging, lower circuit breaker thresholds, and mandatory red-team testing before deployment.
When It’s Relevant
Every AI agent deployment. Autonomy level is a mandatory field in the ART-05 Agent Control Declaration. It is relevant from the moment an agent is proposed through its entire operational lifetime, because autonomy levels drift — always upward, never downward.
Autonomy level governance is highest priority when:
- The agent is deployed in a domain where errors have financial, legal, or safety consequences
- The declared autonomy level includes human oversight that has not been verified
- The agent’s approval rate exceeds 95% — suggesting the human is rubber-stamping
- The agent has been in production for more than 90 days without an autonomy level audit
- The organisation’s risk appetite for AI autonomy has not been explicitly declared by the board
Related Terms
References
- [1] NTSB (2019) Collision Between Vehicle Controlled by Developmental Automated Driving System and Pedestrian, Tempe, Arizona, March 18, 2018. Highway Accident Report NTSB/HAR-19/03. National Transportation Safety Board.
- [2] Parasuraman, R., Sheridan, T.B. and Wickens, C.D. (2000) ‘A Model for Types and Levels of Human Interaction with Automation’, IEEE Transactions on Systems, Man, and Cybernetics — Part A, 30(3), pp. 286–297.
- [3] Shavit, Y., Amodei, D., Clark, J. et al. (2025) ‘Practices for Governing Agentic AI Systems’, OpenAI white paper. Available at: openai.com/index/practices-for-governing-agentic-ai-systems.
- [4] European Parliament and Council (2024) Regulation (EU) 2024/1689 laying down harmonised rules on artificial intelligence (AI Act), Official Journal of the European Union. Article 14: Human Oversight.
- [5] Wong, A., Otles, E., Donnelly, J.P. et al. (2021) ‘External Validation of a Widely Implemented Proprietary Sepsis Prediction Model in Hospitalized Patients’, JAMA Internal Medicine, 181(8), pp. 1065–1070.
- [6] NIST (2024) Artificial Intelligence Risk Management Framework: Generative AI Profile (AI 600-1). National Institute of Standards and Technology, U.S. Department of Commerce.
- [7] Endsley, M.R. (2017) ‘From Here to Autonomy: Lessons Learned from Human–Automation Research’, Human Factors, 59(1), pp. 5–27.
AI Control Index v6.0 · Glossary · June 2026 · i-DEPOT 158508 (BOIP) · CC BY-NC-ND 4.0
By Jeroen Janssen, Apparens